Sebastian Siewior schrieb:
> The XTS blockmode uses a copy of the IV which is saved on the stack
> and may or may not be properly aligned. If it is not, it will break
> hardware cipher like the geode or padlock.
> This patch moves the copy of IV to the private structre which has the
> same aligment as the underlying cipher.
>
> Signed-off-by: Sebastian Siewior <sebastian@xxxxxxxxxxxxx>
It works now! Thanks!
But I get much lower speed than with aes-cbc-essiv:sha256.
With xts I get 57MB/s while reading the cryptodev with dd, and >90% sys in top, 0% wait
With cbc-essiv I get about 75MB/s while reading it with dd, 60% sys int top, 30% wait
without cryptodev I get 75MB/s while reading the raw lvm-volume with dd, 40% sys, 50% wait
I do a blockdev --flushbufs beetween each read.
Tested-by: Stefan Hellermann <stefan@xxxxxxxxxxxxxx>
> ---
> Stefan, please try the following patch, it should fix your xts problem.
>
> crypto/xts.c | 32 +++++++++++++++++---------------
> 1 files changed, 17 insertions(+), 15 deletions(-)
>
> diff --git a/crypto/xts.c b/crypto/xts.c
> index 8eb08bf..4457022 100644
> --- a/crypto/xts.c
> +++ b/crypto/xts.c
> @@ -24,7 +24,17 @@
> #include <crypto/b128ops.h>
> #include <crypto/gf128mul.h>
>
> +struct sinfo {
> + be128 t;
> + struct crypto_tfm *tfm;
> + void (*fn)(struct crypto_tfm *, u8 *, const u8 *);
> +};
> +
> struct priv {
> + /* s.t being the first member in this struct enforces proper alignment
> + * required by the underlying cipher without explicit knowing the it.
> + */
> + struct sinfo s;
> struct crypto_cipher *child;
> struct crypto_cipher *tweak;
> };
> @@ -76,12 +86,6 @@ static int setkey(struct crypto_tfm *parent, const u8 *key,
> return 0;
> }
>
> -struct sinfo {
> - be128 t;
> - struct crypto_tfm *tfm;
> - void (*fn)(struct crypto_tfm *, u8 *, const u8 *);
> -};
> -
> static inline void xts_round(struct sinfo *s, void *dst, const void *src)
> {
> be128_xor(dst, &s->t, src); /* PP <- T xor P */
> @@ -97,13 +101,12 @@ static int crypt(struct blkcipher_desc *d,
> int err;
> unsigned int avail;
> const int bs = crypto_cipher_blocksize(ctx->child);
> - struct sinfo s = {
> - .tfm = crypto_cipher_tfm(ctx->child),
> - .fn = fn
> - };
> - be128 *iv;
> u8 *wsrc;
> u8 *wdst;
> + struct sinfo *s = &ctx->s;
> +
> + s->tfm = crypto_cipher_tfm(ctx->child);
> + s->fn = fn;
>
> err = blkcipher_walk_virt(d, w);
> if (!w->nbytes)
> @@ -115,17 +118,16 @@ static int crypt(struct blkcipher_desc *d,
> wdst = w->dst.virt.addr;
>
> /* calculate first value of T */
> - iv = (be128 *)w->iv;
> - tw(crypto_cipher_tfm(ctx->tweak), (void *)&s.t, w->iv);
> + tw(crypto_cipher_tfm(ctx->tweak), (void *)&s->t, w->iv);
>
> goto first;
>
> for (;;) {
> do {
> - gf128mul_x_ble(&s.t, &s.t);
> + gf128mul_x_ble(&s->t, &s->t);
>
> first:
> - xts_round(&s, wdst, wsrc);
> + xts_round(s, wdst, wsrc);
>
> wsrc += bs;
> wdst += bs;
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
